upstream: Remove explicit kill of privsep preauth child's PID in

SIGALRM handler. It's no longer needed since the child will get terminated by the SIGTERM to the process group that cleans up any auth helpers, it simplifies the signal handler and removes the risk of a race when updating the PID. Based on analysis by HerrSpace in github PR#289, ok djm@ OpenBSD-Commit-ID: 2be1ffa28b4051ad9e33bb4371e2ec8a31d6d663
2022-02-01 07:57:32 +00:00 · 2022-02-01 07:57:32 +00:00 · 4e62c13ab4
parent 2a7ccd2ec4
commit 4e62c13ab4
1 changed files with 5 additions and 12 deletions
--- a/sshd.c
+++ b/sshd.c
@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.582 2021/11/18 03:07:59 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.583 2022/02/01 07:57:32 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -357,12 +357,9 @@ main_sigchld_handler(int sig)
 static void
 grace_alarm_handler(int sig)
 {
 	if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0)
 		kill(pmonitor->m_pid, SIGALRM);
 	/*
 	 * Try to kill any processes that we have spawned, E.g. authorized
-	 * keys command helpers.
+	 * keys command helpers or privsep children.
 	 */
 	if (getpgid(0) == getpid()) {
 		ssh_signal(SIGTERM, SIG_IGN);
@ -370,13 +367,9 @@ grace_alarm_handler(int sig)
 	}
 	/* Log error and exit. */
-	if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0)
+	sigdie("Timeout before authentication for %s port %d",
-		cleanup_exit(255); /* don't log in privsep child */
+	    ssh_remote_ipaddr(the_active_state),
-	else {
+	    ssh_remote_port(the_active_state));
 		sigdie("Timeout before authentication for %s port %d",
 		    ssh_remote_ipaddr(the_active_state),
 		    ssh_remote_port(the_active_state));
 	}
 }
 /* Destroy the host and server keys.  They will no longer be needed. */